SHA256: bb8237ea061c1e3556a352c9fae32f7471587dc7315f47d370accc18573f064c
File name: OIKO.EXE
Detection ratio: 40 / 68
Analysis date: 2018-11-17 10:36:11 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31355991 20181117
AegisLab Trojan.Multi.Generic.4!c 20181117
AhnLab-V3 Trojan/Win32.Emotet.R244954 20181116
ALYac Trojan.GenericKD.31355991 20181117
Arcabit Trojan.Generic.D1DE7457 20181117
Avast Win32:BankerX-gen [Trj] 20181117
AVG Win32:BankerX-gen [Trj] 20181117
Avira (no cloud) TR/AD.Emotet.ejx 20181116
BitDefender Trojan.GenericKD.31355991 20181117
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20181022
Cybereason malicious.868f35 20180225
Cylance Unsafe 20181117
Cyren W32/Trojan.EVTJ-9381 20181117
Emsisoft Trojan.GenericKD.31355991 (B) 20181117
Endgame malicious (high confidence) 20181108
ESET-NOD32 Win32/Emotet.BN 20181117
F-Secure Trojan.GenericKD.31355991 20181117
Fortinet W32/Emotet.BN!tr 20181117
GData Trojan.GenericKD.31355991 20181117
Ikarus Win32.Outbreak 20181117
Sophos ML heuristic 20181108
Kaspersky Trojan-Banker.Win32.Emotet.bqdq 20181117
Malwarebytes Trojan.Emotet 20181117
MAX malware (ai score=100) 20181117
McAfee RDN/Generic.dx 20181117
McAfee-GW-Edition Artemis!Trojan 20181117
Microsoft Trojan:Win32/Emotet.AC!bit 20181117
eScan Trojan.GenericKD.31355991 20181117
NANO-Antivirus Virus.Win32.Gen.ccmw 20181117
Palo Alto Networks (Known Signatures) generic.ml 20181117
Panda Trj/RnkBend.A 20181117
Qihoo-360 HEUR/QVM20.1.3A9D.Malware.Gen 20181117
Rising Trojan.Fuerboos!8.EFC8 (CLOUD) 20181117
Sophos AV Mal/Generic-S 20181117
Symantec Trojan.Emotet 20181116
TrendMicro TrojanSpy.Win32.EMOTET.BF 20181117
TrendMicro-HouseCall TrojanSpy.Win32.EMOTET.BF 20181117
VIPRE Trojan.Win32.Generic!BT 20181117
Webroot W32.Trojan.Emotet 20181117
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.bqdq 20181117
Alibaba 20180921
Antiy-AVL 20181117
Avast-Mobile 20181117
Babable 20180918
Baidu 20181116
Bkav 20181116
CAT-QuickHeal 20181116
ClamAV 20181117
CMC 20181116
DrWeb 20181117
eGambit 20181117
F-Prot 20181117
Jiangmin 20181117
K7AntiVirus 20181117
K7GW 20181117
Kingsoft 20181117
SentinelOne (Static ML) 20181011
SUPERAntiSpyware 20181114
Symantec Mobile Insight 20181108
TACHYON 20181117
Tencent 20181117
TheHacker 20181113
TotalDefense 20181117
Trustlook 20181117
VBA32 20181116
ViRobot 20181116
Yandex 20181116
Zillya 20181116
Zoner 20181117
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights

Product Microsoft (R) SQL Mo
Internal name SQLCEOLED
File version 3.00.
Description Microsoft SQL
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-11-16 03:14:13
Entry Point 0x000100E4
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
IsWellKnownSid
GetSidIdentifierAuthority
GetClusterResourceNetworkName
FindTextA
ExtTextOutW
ExtEscape
DeleteObject
GetWorldTransform
GetTextColor
GetPaletteEntries
GetRegionData
GetTextFaceW
GetTextAlign
DefineDosDeviceW
FindFirstChangeNotificationA
FileTimeToSystemTime
lstrlenA
GlobalFree
SetEvent
GlobalFindAtomA
GetTickCount
GetProcessId
GetCurrentProcess
GetConsoleCursorInfo
GetConsoleTitleW
GetCommProperties
GetCompressedFileSizeA
GetTempPathA
LocalFlags
FindResourceExW
GetCommTimeouts
FindAtomW
GetSystemDirectoryA
GetModuleHandleW
GlobalMemoryStatus
GetEnvironmentVariableA
GetFileAttributesExA
DefineDosDeviceA
GetEnvironmentVariableW
GetErrorInfo
EnumWindowStationsA
GetClassInfoExW
DrawStateA
EnumWindowStationsW
FlashWindowEx
GetClipboardData
InsertMenuItemW
DrawIcon
GetClipboardSequenceNumber
LockWorkStation
DestroyIcon
GetClientRect
DrawMenuBar
IsIconic
FrameRect
GetWindowTextLengthA
GetKeyboardState
GetWindowModuleFileNameW
DestroyAcceleratorTable
GetSysColorBrush
LockWindowUpdate
GetSystemMenu
FindWindowExW
GetWindowRgnBox
GetWindowInfo
GetMenuStringW
FindFirstUrlCacheGroup
GetUrlCacheEntryInfoExW
timeGetTime
strlen
strcspn
FindMimeFromData
Number of PE resources by type
RT_STRING 5
RT_RCDATA 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
SpecialBuild
[pre-release version: pre-alpha]

SubsystemVersion
5.0

LinkerVersion
12.0

ImageVersion
0.1

FileSubtype
100

FileVersionNumber
8.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
Microsoft SQL

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Windows, Latin1

InitializedDataSize
409600

EntryPoint
0x100e4

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights

FileVersion
3.00.

TimeStamp
2018:11:16 04:14:13+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
SQLCEOLED

ProductVersion
3

UninitializedDataSize
0

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corpora

CodeSize
0

ProductName
Microsoft (R) SQL Mo

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Dynamic link library

File identification
MD5 2c74734868f35ab332f1073b4a3aebcf
SHA1 473ba73123cef6bb09455465de83f9a2126e1d10
SHA256 bb8237ea061c1e3556a352c9fae32f7471587dc7315f47d370accc18573f064c
ssdeep
3072:um+q2X8oVXrmvFabqDJKIRZLAzgD1hgkvqSTKeEJ4927aw3lIn:kq2LV7mvU8KIRZ6u1hgkvqSTKeEJg8

authentihash 5d854de50bc93eb5f76e2952d05a300a7c560c04654b84ee984f4b60c5c6f1fb
imphash 4701fbfd5903958bfbc515c08c7c3740
File size 464.0 KB ( 475136 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Dynamic Link Library (generic) (38.4%)
Win32 Executable (generic) (26.3%)
OS/2 Executable (generic) (11.8%)
Generic Win/DOS Executable (11.6%)
DOS Executable Generic (11.6%)
Tags
peexe

VirusTotal metadata
First submission 2018-11-15 19:17:33 UTC ( 3 months, 1 week ago )
Last submission 2018-11-16 18:58:48 UTC ( 3 months, 1 week ago )
File names OIKO.EXE
26666376.EXE
0CEGHNFCMP2OBRIS.EXE
roIZiy.exe
SQLCEOLED